Read also: DeadBolt ransomware targets Asustor NAS devices, logistics company Expeditors falls victim to a cyber attack, and more.

There is already a well-documented history of cyber attacks targeting organizations in Ukraine - including the attack attributed to members of the Russian military intelligence group GRU - NotPetya. This threat actor has previously conducted attacks known as NotPetya, BlackEnergy, and has targeted high-profile events such as the Olympics, as well as perpetrated destructive attacks against Georgia.

Gone are the days when gate-based security processes were the most effective way to ensure security of an organization’s external attack surface. Getting the security team to sign off on every new application or asset before they go live simply is not scalable.

As technology continues to evolve rapidly, so do the techniques used by adversaries. This may be considered a given, but it is important to appreciate how attackers may leverage existing and commonly used applications within an environment to attempt to seize control and achieve their objectives.

You don’t have to look far for proof that cybercrime is soaring to new heights. Early in the pandemic the U.N. reported cybercrime had increased 600% and other experts estimate damages from global cybercrime to reach $10.5 trillion annually by 2025, up from $3 trillion in 2015. Last year alone, we started 2021 in the fog of the SolarWinds attack and finished with the infamous Log4j vulnerabilities, the full impact of which will take years to understand.

According to the FBI Internet Crime 2020 Report, phishing scams were the most prominent attack in 2020 with 241,342 complaints reported and adjusted losses of $54 million. In particular, whaling (a highly targeted phishing attack) has been on the rise and is only expected to grow from here. A whaling attack targets high-profile executives with access to valuable information and systems. Let’s take a closer look at whaling attacks and how to stay protected.

Apple iPhone users are one of the largest targets when it comes to cyber-attacks. Apple uncovered its biggest hack in history last November, which went undetected for five years. At the time they alerted users who had fallen victim to the colossal Apple cyber attack. The hack targeted Apple’s iCloud service and was able to gain access to users’ photos, videos, and other personal information.

As per the Varonis Global Data Risk Report for 2021, 13% of all the files and folders; and 15% of sensitive files in an organization are open to everyone. Further, when it comes to the SMEs, only 16% of them have done thorough cybersecurity posture reviews, and that too after encountering an attack. While organizations across the globe have very little or no preparedness when it comes to cybersecurity, cyberattacks are becoming more and more sophisticated.

Read also: Google and Adobe address zero-day flaws, the US issues an alert over Russian hackers, and more.

A SQL injection flaw allows for an attacker to modify or inject SQL syntax into the request to make the application behave in a manner that was not initially intended. In other words, an attacker can change a database query to: Now with almost all web applications having integrations with databases in some way, this flaw has the potential to arise often. However, many frameworks and libraries are available to make database connections and queries safe.

One very predictable part of cybersecurity is that the work is unpredictable. here are routines that help to create a predictable rhythm, but you don’t necessarily know when the next attack will come, how intense it will be when it does, or when you will get to go back to a predictable and hopefully manageable rhythm again.

Ransomware attacks on Colonial Pipeline, JBS Foods and Kronos are just a few recent examples in the rise of cyber-physical attacks that disrupt lives of individuals and have the potential to cause physical harm. This concerning trend is capturing the attention of organizations worldwide, with Gartner predicting that 75% of CEOs will be personally liable for cyber-physical security incidents by 2024.

Zero day attacks consist of almost 80% of all malware attacks. Take a look at some recent attacks and learn how to prevent them. You work hard to secure your business network. Yet determined hackers probe persistently until they find a software vulnerability you don’t know about. They use this previously unknown and unpatched flaw.

Weekly round-up of the most noteworthy cyber security headlines.

A data exfiltration attack involves the unauthorized transfer of sensitive data, such as personal data and intellectual property, out of a target system and into a separate location. These transfers could either occur internally, through insider threats, or externally, through remote Command and Control servers. Every cyberattack with a data theft objective could be classified as a data exfiltration attack.

Brute force attacks are nothing new in cybersecurity. As far back as 2015 (eons ago, in technology terms) the global coffee chain Dunkin’ Donuts suffered a brute force attack that targeted nearly 20,000 of its customers. In this attack, cyber attackers used brute force to get unauthorized access to the accounts of more than 19,000 users and steal their money. Following the incident, Dunkin’ Donuts was slapped with a lawsuit, where it ended up paying more than $500,000 dollars in a settlement.

In the past 24 hours, funding website GiveSendGo has reported that they’ve been the victim of a DDOS attack, in response to the politically charged debate about funding for vaccine skeptics. The GiveSendGo DDOS is the latest in a long line of political cyberattacks that have relied on the DDOS mechanism as a form of political activism. There were millions of these attacks in 2021 alone.

2021 broke new ground in terms of cybersecurity, and much was ground just as well left unbroken. With no indication that ransomware, data breaches, and assorted malware will go away soon, the new year is a time for organizations to get a fresh start and really fortify themselves against a widening field of threats. One month in, we've already seen a disturbing array of attacks, from those on political targets to distressing new malware to a breach of exceptional sensitive information.

A brief overview of the most notable cyber events of the last week.

The combination of poor cybersecurity practices, sensitive data storage, and a desperation to preserve business continuity at all costs, makes the healthcare industry a prime target for cybercriminals - an inevitability that was further exacerbated by the pandemic. To support the relevance of healthcare cybersecurity programs within the current cyberattack climate, the 4 biggest cybersecurity challenges in the healthcare industry are listed below.

A botnet is a cluster of machines that are infected with malware, enabling hackers to control them and unleash a string of attacks. Most commonly, botnets come in the form of distributed denial of service (DDoS) attacks, and recently the Microsoft Azure DDoS Protection team reported a 25% increase in these attacks when compared to the first half of 2021. Recent advances in technology have opened up a world of new opportunities for both consumers and businesses.